Merge branch 'main' into lock-timestamp

SurferJeffAtGoogle · Dec 1, 2021 · 2addff6 · 2addff6
2 parents eeb9ab2 + 6e855c9
commit 2addff6
Show file tree

Hide file tree

Showing 49 changed files with 4,330 additions and 516 deletions.
diff --git a/packages/auto-approve/README.md b/packages/auto-approve/README.md
@@ -7,7 +7,126 @@ This bot checks incoming pull requests against the `.github/auto-approve.yml` fi
 ## Using the bot
 To use the bot, start by [enabling it on your repository](https://github.com/apps/auto-approve).  It is on automatically for the `googleapis` org.
 
-Next, create a file in `.github/auto-approve.yml` in your repository.  The complete options supported include:
+## Latest Release Notes (11/23/21):
+
+As of 11/23/21, we are refactoring auto-approve to make the configuration file less complicated.
+
+The `.github/auto-approve.yml` will now only accept the following values:
+
+```yaml
+processes:
+  - "UpdateDiscoveryArtifacts"
+  - "RegenerateReadme"
+  - "DiscoveryDocUpdate"
+  - "PythonDependency"
+  - "NodeDependency"
+  - "NodeRelease"
+  - "JavaDependency"
+```
+
+These seven processes represent different workflows for what auto-approve will approve and merge in a given repository. To see their logic in full, see the corresponding file in /src/process-checks.
+
+Below is what each process checks for:
+
+* UpdateDiscoveryArtifacts:
+  - Checks that the author is 'yoshi-code-bot'
+  - Checks that the title of the PR starts with 'chore: Update discovery artifacts'
+  - Max 2 files changed in the PR
+  - Each file path must match one of these regexps:
+    - /^docs\/dyn\/index\.md$/
+    - /^docs\/dyn\/.*\.html$/
+    - /^googleapiclient\/discovery_cache\/documents\/.*\.json$/
+* RegenerateReadme:
+  - Checks that the author is 'yoshi-automation'
+  - Checks that the title of the PR is 'chore: regenerate README'
+  - Max 2 files changed in the PR
+  - Each file path must match one of these regexps:
+    - /^README.md$/
+    - /\.github\/readme\/synth.metadata\/synth\.metadata$/
+* DiscoveryDocUpdate
+  - Checks that the author is 'googleapis-publisher'
+  - Checks that the title of the PR starts with 'chore: autogenerated discovery document update'
+* PythonDependency:
+  - Checks that the author is 'renovate-bot'
+  - Checks that the title of the PR matches the regexp: /^(fix|chore)\(deps\): update dependency (@?\S*) to v(\S*)$/
+  - Max 3 files changed in the PR
+  - Each file path must match one of these regexps:
+    - /requirements.txt$/
+  - All files must: 
+    - Match this regexp: /^samples\/snippets\/requirements.txt$/
+    - Increase the non-major package version of a dependency
+    - Only change one dependency
+    - Change the dependency that was there previously, and that is on the title of the PR
+* NodeDependency:
+  - Checks that the author is 'renovate-bot'
+  - Checks that the title of the PR matches the regexp: /^(fix|chore)\(deps\): update dependency (@?\S*) to v(\S*)$/
+  - Max 3 files changed in the PR
+  - Each file path must match one of these regexps:
+    - /package\.json$/
+  - All files must: 
+    - Match either these regexp:
+      - /^samples\/package.json$/
+      - /^\/package.json$/
+    - Increase the non-major package version of a dependency
+    - Only change one dependency
+    - Change the dependency that was there previously, and that is on the title of the PR
+* NodeRelease:
+  - Checks that the author is 'release-please'
+  - Checks that the title of the PR matches the regexp: /^chore: release/
+  - Max 2 files changed in the PR
+  - Each file path must match one of these regexps:
+    - /^package.json$/
+    - /^CHANGELOG.md$/
+  - At least one file must: 
+    - Match either this regexp: /^package.json$/
+    - Increase the non-major package version
+    - Only change the top-level package
+    - Approve on a day between Mon - Thurs PST (so as to not trigger a weekend release)
+* JavaDependency:
+  - Checks that the author is 'renovate-bot'
+  - Checks that the title of the PR matches the regexp: /^(fix|chore)\(deps\): update dependency (@?\S*) to v(\S*)$/
+  - Max 3 files changed in the PR
+  - Each file path must match one of these regexps:
+    - /pom.xml$/
+  - All files must: 
+    - Match this regexp: /pom.xml$/
+    - Increase the non-major package version of a dependency
+    - Only change one dependency
+    - Change the dependency that was there previously, and that is on the title of the PR, and is a Google dependency
+  
+
+This change in configuration permits the following:
+* Allows for more complete testing as described by c8, by codifying the logic in TS as opposed to the JSON validation schema
+* Reduces the possibility of human error in the config, and creates a more secure process to adding logic (by requiring code review through the github automation team)
+* Allows for different use cases to start branching out and requiring distinct conditions without further refactor
+* Allows for tests to be specific to languages and use cases
+* Still allows for users to self-select if they'd like to use auto-approve, and specify a use case that is specific to their
+repo's needs.
+
+As before, a repo may select one or more of these processes if they are relevant to the repository.
+
+If you'd like to petition for a new workflow, please submit a bug in this directory with the label `bot: auto-approve`.
+
+Furthermore, the bot still requires a CODEOWNERS file to look like so:
+
+There should be a CODEWONERS file, under `.github/CODEOWNERS` in your repository. You must add a line that adds the Github Automation team as a codeowner for the `auto-approve.yml` file you have created, and they will be alerted anytime there is a change to the file. See the example below.
+
+```
+# Code owners file.
+# This file controls who is tagged for review for any given pull request.
+#
+# For syntax help see:
+# https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners#codeowners-syntax
+
+
+.github/auto-approve.yml                 @googleapis/github-automation
+```
+
+The bot will continue to work for the old configuration style (see below). However, new processes will be added to the configuration as described above.
+
+## Previous configuration style (pre 11/23/21):
+
+Create a file in `.github/auto-approve.yml` in your repository.  The complete options supported include:
 
 ```yaml
 rules:

diff --git a/packages/auto-approve/__snapshots__/auto-approve.test.js b/packages/auto-approve/__snapshots__/auto-approve.test.js
@@ -72,7 +72,7 @@ exports['auto-approve main auto-approve function config exists on main branch wi
   }
 }
 
-exports['auto-approve gets secrets and authenticates separately for approval creates a separate octokit instance and authenticates with secret in secret manager 1'] = {
+exports['auto-approve main auto-approve function config does not exist on main branch attempts to get codeowners file and create a passing status check if PR contains correct config 1'] = {
   'head_sha': 'c5b0c82f5d58dd4a87e4e3e5f73cd752e552931a',
   'name': 'Auto-approve.yml check',
   'conclusion': 'success',
@@ -83,33 +83,29 @@ exports['auto-approve gets secrets and authenticates separately for approval cre
   }
 }
 
-exports['auto-approve gets secrets and authenticates separately for approval creates a separate octokit instance and authenticates with secret in secret manager 2'] = {
-  'event': 'APPROVE'
-}
-
-exports['auto-approve main auto-approve function config does not exist on main branch attempts to get codeowners file and create a passing status check if PR contains correct config 1'] = {
+exports['auto-approve main auto-approve function config does not exist on main branch attempts to get codeowners file and create a failing status check if PR contains wrong config, and error messages check out 1'] = {
   'head_sha': 'c5b0c82f5d58dd4a87e4e3e5f73cd752e552931a',
   'name': 'Auto-approve.yml check',
-  'conclusion': 'success',
+  'conclusion': 'failure',
   'output': {
     'title': 'Auto-approve.yml check',
-    'summary': 'Successful auto-approve.yml config check',
-    'text': ''
+    'summary': 'auto-approve.yml config check failed',
+    'text': 'See the following errors in your auto-approve.yml config:\nYou must add this line to the CODEOWNERS file for auto-approve.yml to merge pull requests on this repo: .github/auto-approve.yml  @googleapis/github-automation/\n[object Object]\n'
   }
 }
 
-exports['auto-approve main auto-approve function config does not exist on main branch attempts to get codeowners file and create a failing status check if PR contains wrong config, and error messages check out 1'] = {
+exports['auto-approve main auto-approve function config does not exist on main branch passes PR if auto-approve is on main, not PR 1'] = {
   'head_sha': 'c5b0c82f5d58dd4a87e4e3e5f73cd752e552931a',
   'name': 'Auto-approve.yml check',
-  'conclusion': 'failure',
+  'conclusion': 'success',
   'output': {
     'title': 'Auto-approve.yml check',
-    'summary': 'auto-approve.yml config check failed',
-    'text': 'See the following errors in your auto-approve.yml config:\nYou must add this line to the CODEOWNERS file for auto-approve.yml to merge pull requests on this repo: .github/auto-approve.yml  @googleapis/github-automation/\n[object Object]\n'
+    'summary': 'Successful auto-approve.yml config check',
+    'text': ''
   }
 }
 
-exports['auto-approve main auto-approve function config does not exist on main branch passes PR if auto-approve is on main, not PR 1'] = {
+exports['auto-approve gets secrets and authenticates separately for approval creates a separate octokit instance and authenticates with secret in secret manager 1'] = {
   'head_sha': 'c5b0c82f5d58dd4a87e4e3e5f73cd752e552931a',
   'name': 'Auto-approve.yml check',
   'conclusion': 'success',
@@ -119,3 +115,7 @@ exports['auto-approve main auto-approve function config does not exist on main b
     'text': ''
   }
 }
+
+exports['auto-approve gets secrets and authenticates separately for approval creates a separate octokit instance and authenticates with secret in secret manager 2'] = {
+  'event': 'APPROVE'
+}
diff --git a/packages/auto-approve/__snapshots__/check-config.test.js b/packages/auto-approve/__snapshots__/check-config.test.js
@@ -33,3 +33,19 @@ exports['check for config whether YAML file has valid schema should fail if conf
 exports['check for config whether YAML file has valid schema should fail if there are duplicate items 1'] = `
 [{"wrongProperty":{"i":1,"j":0},"message":"must NOT have duplicate items (items ## 0 and 1 are identical)"}]
 `
+
+exports['check for config whether YAML file has valid schema V2 should fail if YAML has any other properties than the ones specified 1'] = `
+[{"wrongProperty":{"allowedValues":["UpdateDiscoveryArtifacts","RegenerateReadme","DiscoveryDocUpdate","PythonDependency","NodeDependency","NodeRelease","JavaDependency"]},"message":"must be equal to one of the allowed values"}]
+`
+
+exports['check for config whether YAML file has valid schema V2 should fail if the property is wrong 1'] = `
+[{"wrongProperty":{"additionalProperty":"processeses"},"message":"must NOT have additional properties"}]
+`
+
+exports['check for config whether YAML file has valid schema V2 should fail if both v1 and v2 schemas are included 1'] = `
+[{"wrongProperty":{"additionalProperty":"rules"},"message":"must NOT have additional properties"}]
+`
+
+exports['check for config whether YAML file has valid schema V2 should fail if there are duplicate items 1'] = `
+[{"wrongProperty":{"i":0,"j":1},"message":"must NOT have duplicate items (items ## 1 and 0 are identical)"}]
+`